Kev’s Techdirt Profile

jeepboy99

About Kev


Kev’s Comments comment rss

  • Aug 17th, 2018 @ 12:55pm

    NIST 800-53 Control Set

    on NJ Courts Impose Ridiculous Password Policy 'To Comply With NIST' That Does Exactly What NIST Says Not To Do
    IA-5 is the relevant NIST control. Here's the control enhancement section and as you can see, it's all defined by the organization:

    Control Enhancements:
    (1) AUTHENTICATOR MANAGEMENT | PASSWORD-BASED AUTHENTICATION
    The information system, for password-based authentication:
    (a) Enforces minimum password complexity of [Assignment: organization-defined requirements for case sensitivity, number of characters, mix of upper-case letters, lower-case letters, numbers, and special characters, including minimum requirements for each type];
    (b) Enforces at least the following number of changed characters when new passwords are created: [Assignment: organization-defined number];
    (c) Stores and transmits only cryptographically-protected passwords;
    (d) Enforces password minimum and maximum lifetime restrictions of [Assignment: organization-defined numbers for lifetime minimum, lifetime maximum];
    (e) Prohibits password reuse for [Assignment: organization-defined number] generations; and
    (f) Allows the use of a temporary password for system logons with an immediate change to a permanent password.

    I think what they may actually be referring to is CJIS, not NIST. Here is the relevant control from that set:

    5.6.2.1.1 Password
    Agencies shall follow the secure password attributes, below, to authenticate an individual’s unique ID. Passwords shall:
    1. Be a minimum length of eight (8) characters on all systems.
    2. Not be a dictionary word or proper name.
    3. Not be the same as the Userid.
    4. Expire within a maximum of 90 calendar days.
    5. Not be identical to the previous ten (10) passwords.
    6. Not be transmitted in the clear outside the secure location.
    7. Not be displayed when entered.

    Either way, it's a shit policy.
  • Oct 3rd, 2016 @ 6:43am

    Little Rock

    on Arkansas Congressman Who Helped Protect Citizens' Right To Record Police Arrested For Recording Police
    Hi, I live in Little Rock. First, let me assure you that I'm not in any way defending the arrest, it was a stupid, stupid thing to do. John Walker is notorious in this town for being a race-baiting ambulance chaser. Google "Joshua Intervenors" for the highlights of his legal career if you'd care to learn more. tl:dr version is that he has filed a series of lawsuits against the school districts here dating back to 1982 that have accomplished little besides very nearly bankrupting LRSD. He has a history of antagonizing law enforcement in the area in the hopes of being arrested so that he can then sue everyone in sight. LRPD knows this and generally ignores him but for whatever reason, they didn't this time. Currently, all charges against both men have been dropped, the City Manager and the Police Chief have both publicly apologized (Walker made a very big deal of not accepting said apologies) and lawsuits are being prepared. The end result will be that the Citizens of Little Rock will write yet another check to this clown because a cop got frustrated and the perception of Little Rock as a racist Southern backwater will be reinforced. Good job all around.
  • Aug 17th, 2016 @ 11:35am

    This right here

    on News Sites Realizing That Relying On Facebook For Traffic Might Not Have Been Wise
    This philosophy is what sets Techdirt apart from so many other sites for me. Content that doesn't insult my intelligence and actually tells me something worth knowing is what brings me here every damn day. Thank you for that.
  • Jan 6th, 2016 @ 2:42pm

    For what it's worth...

    on GQ And Forbes Go After Ad Blocker Users Rather Than Their Own Shitty Advertising Inventory
    These restrictions can be skirted just like a paywall. I tested both sites with Readability and got right in.
  • Sep 16th, 2015 @ 9:21am

    (untitled comment)

    on The Weather Channel Finally Gets The Message: Announces Plan To Actually Cover...The Weather
    It would be great if they would also just stop trying to make winter storm names a thing.
  • Aug 3rd, 2015 @ 1:14pm

    Likely self-defense

    on Daily Dot Latest To 'Keep Conversation Moving Forward' By Not Letting Site Visitors Comment At All
    It being the Daily Dot and all, I'm pretty sure it was done to cut down on the constant triggering of their oh so special snowflake filled staff.
  • Mar 25th, 2015 @ 6:39am

    Lost Sale

    on No Copyright Lives Forever: How The Apathy Of IP Rights Holders About Their Copyrights Killed A Game Re-Release
    I've still got the install CD and would have jumped at an updated digital copy. Yes Rights Holder, I would've paid you a second time for something I already own because the Win98 VM I currently use for older games gets the job done but GOG is steadily eliminating the need for it. Instead, you can't get out of your own way to make that possible and my money stays in my pocket.
    Also, I'm not interested in most of your new releases because they lean heavily on multi-player instead of gameplay. I realize this shows my age but spending an evening playing a game full of kids using aimbots while proudly displaying their ability to curse is just not my idea of fun. Now get off my damn lawn, I have clouds to yell at!
  • Feb 19th, 2015 @ 1:34pm

    Re: Re:

    on Cars Are Delivering Tons Of Driving Data To Manufacturers With Minimal Security And Even Less Transparency
    Geico was one of the main drivers of this. A quick scan of their website doesn't turn up any reference to it now so it may be discontinued. It's use is typically linked to a rate reduction.
  • Nov 21st, 2014 @ 9:56am

    Re:

    on Reuters, Re/code Care So Very Much About 'Conversation' That They're Asking Commenters To Leave
    Go read the comments on a random story on any CBS Local site. Some of those clowns would make 4Chan blush.
  • Oct 24th, 2014 @ 2:36pm

    Thank You...

    on This Post Is Not About GamerGate
    The Gawker / Daily Dot histrionics are really beginning to wear thin and I'm eternally grateful to the staff here for not following them down that particular rabbit hole.
  • Jan 22nd, 2014 @ 6:28am

    Re:

    on Yale Student Creates Unblockable Replacement For Useful Course Catalog Site Yale Blocked; Yale Reconsiders Initial Block
    Yup, that vote will be on the very next agenda. I imagine they'll justify it as a "privacy" issue for the faculty and staff and probably make some sort of claim that the reviews are misleading because they don't take into account some super secret data-set that students don't have access to. Based on that, they'll just take the whole thing offline.
  • Aug 8th, 2013 @ 8:24am

    (untitled comment)

    on Pace Of Cord Cutting Continues To Quicken
    What would prevent the hybrid ISP/content providers like Comcast from just slapping caps on their customers? Netflix and Hulu are viable because, for the most part, users have unlimited data for a monthly fee. What happens if that gets replaced with all the limits mobile providers are slapping on their customers these days? I'm not so sure this is going to be the bloodbath everyone expects.
  • Oct 25th, 2012 @ 11:18am

    (untitled comment)

    on Statistical Stupidity: 95% Of All Lazy Journalists Believe That 88% Of All Homemade Porn Ends Up Online
    Pictures or it didn't happen
  • Sep 19th, 2012 @ 12:35pm

    No problem!

    on French Court Detaches Itself From Reality, Demands Tabloid Turn Over 'Original' Topless Kate Middleton Photos
    All the publisher needs to do is turn the copyright industry loose on the internet. Surely all the revenue generated from the ensuing infringement lawsuits will more than cover the cost of the fines.

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it